The root CA certificate, or failing that, the certificate used to sign the WPK package, must be installed in the agent before running an upgrade.
You have two options:
Overwrite the shipped root CA with your certificate. This will prevent your agent from upgrading using WPK packages from Wazuh.
# cp /path/to/certificate /var/ossec/etc/wpk_root.pem
Add a new certificate by editing the ossec.conf file:
<active-response>
  <ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
  <ca_store>/path/to/certificate</ca_store>
</active-response>
Get the WPK package into the Wazuh manager and run:
# /var/ossec/bin/agent_upgrade -a 001 -f path/to/myagent.wpk -x upgrade.sh
-a 001 specifies the agent to upgrade.
-f path/to/myagent.wpk is the path to the WPK package.
-x upgrade.sh is the name of the upgrading script contained in the package.
Sending WPK: [=========================] 100%
Installation started... Please wait.
Agent upgraded successfully
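Every file listed in a ca_store entry is a trust anchor for agent upgrades, so it is worth auditing those entries before sending a package. The following is an added example, not part of the Wazuh documentation or tooling: it lists the ca_store paths from an ossec.conf and flags files that are missing, writable by group or others, or lack a PEM certificate block. The function names and sample files are constructed for illustration, and the check covers PEM framing only, not certificate validity or the WPK signature.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# Checks PEM framing only; it does not validate the X.509 contents.
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----")

def ca_store_paths(conf_text):
    """Return every <ca_store> path listed inside <active-response> blocks."""
    # ossec.conf can hold several <ossec_config> roots, so wrap them in one.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    return [e.text.strip() for block in root.iter("active-response")
            for e in block.findall("ca_store") if e.text and e.text.strip()]

def check_ca_store(path):
    """Return the problems found for one trust-anchor file (empty list = OK)."""
    if not os.path.isfile(path):
        return ["missing"]
    mode = os.stat(path).st_mode
    problems = []
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    with open(path, errors="replace") as fh:
        if not PEM_CERT.search(fh.read()):
            problems.append("no PEM certificate block")
    return problems

def audit(conf_text):
    return {p: check_ca_store(p) for p in ca_store_paths(conf_text)}

def demo():
    """Audit a constructed ossec.conf fragment against constructed files."""
    pem = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    tmp = tempfile.mkdtemp()
    files = {"wpk_root.pem": (pem, 0o640), "loose.pem": (pem, 0o666),
             "notacert.pem": ("hello\n", 0o640)}
    for name, (body, mode) in files.items():
        with open(os.path.join(tmp, name), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(tmp, name), mode)
    stores = "".join("<ca_store>%s</ca_store>" % os.path.join(tmp, n)
                     for n in [*files, "absent.pem"])
    conf = "<ossec_config><active-response>%s</active-response></ossec_config>" % stores
    return {os.path.basename(p): v for p, v in audit(conf).items()}

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "OK" if not problems else "; ".join(problems))
```

On an agent, pass the contents of /var/ossec/etc/ossec.conf to audit() and investigate any entry whose problem list is not empty.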